[Catalyst] Where to add access control? Override execute() or dispatch()?

Tomas Doran bobtfish at bobtfish.net
Wed Sep 2 17:42:55 GMT 2009


On 30 Aug 2009, at 21:17, Bill Moseley wrote:
> I'm trying to decide if this is the best approach, or if it would be
> better to test the ACL before dispatching.  The issue is if the
> request is for /foo/bar, and an ACL rule blocks that, should
> Foo::(begin|end|auto) still run?  Or should it act as if the /foo/bar
> action doesn't exist and not run any begin, auto, or end in the Foo
> controller?

I think that either would be a valid design decision.

I don't think that entirely shortcutting dispatch gives you as much  
flexibility, and I tend to do the 'hard' part of the hit in the  
terminus action anyway, so running the begin action isn't a big deal  
for me.

I personally prefer it to be done on a per-action basis, as I _want_  
begin / end / auto to run even in the case where the action itself is  
denied (as this gives you the chance to 'whitelist' the action given  
special conditions for one example, or to use the end action to  
serialize an 'access denied' REST response back in a site with an API  
for another example).

Cheers
t0m
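
One way to build the per-action check described in the reply above, as an added example that is not part of the original message and not Catalyst's own code. It assumes a Moose-based Catalyst (5.8 or later) with Catalyst::Plugin::Authorization::Roles loaded for `check_user_roles`; the names `MyApp::Action::ACL`, `RequiresRole`, `acl_whitelisted` and `acl_open` are hypothetical, and the two packages would normally live in separate files.

```perl
package MyApp::Action::ACL;    # hypothetical action class
use Moose;
use namespace::autoclean;
extends 'Catalyst::Action';
# Wraps only the action it is attached to; begin/auto/end still dispatch.
around execute => sub {
    my ( $orig, $self, $controller, $c, @args ) = @_;
    # RequiresRole is a hypothetical attribute; no roles listed means deny.
    my @required = @{ $self->attributes->{RequiresRole} || [] };
    my $allowed  = $c->stash->{acl_whitelisted}
        || ( @required && $c->check_user_roles(@required) );
    return $self->$orig( $controller, $c, @args ) if $allowed;
    # Denied: skip the action body and leave the response for end.
    $c->res->status(403);
    $c->stash->{error} = 'access denied';
    return;
};
__PACKAGE__->meta->make_immutable;

package MyApp::Controller::Foo;
use Moose;
use namespace::autoclean;
use JSON::PP ();
BEGIN { extends 'Catalyst::Controller' }

sub begin :Private {
    my ( $self, $c ) = @_;
    # Whitelist under a special condition (acl_open is a hypothetical config key).
    $c->stash->{acl_whitelisted} = 1
        if $c->config->{acl_open}{ $c->action->reverse };
}

sub bar :Local :ActionClass('+MyApp::Action::ACL') :RequiresRole('admin') {
    my ( $self, $c ) = @_;
    $c->stash->{data} = { report => 'constructed sample payload' };
}

sub end :Private {
    my ( $self, $c ) = @_;
    # Runs for allowed and denied requests alike, so the API always gets JSON.
    my $payload = $c->stash->{error}
        ? { error => $c->stash->{error} }
        : ( $c->stash->{data} || {} );
    $c->res->content_type('application/json');
    $c->res->body( JSON::PP::encode_json($payload) );
}
__PACKAGE__->meta->make_immutable;
1;
```

An action that carries the action class but no `RequiresRole` attribute is denied rather than allowed, so a forgotten attribute fails closed.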





